Software features new classification for Stratum mining protocol

Rohde & Schwarz Cybersecurity has enhanced its R&SPACE 2 deep packet inspection (DPI) software to include Stratum protocol classification capabilities. The DPI engine can now reliably classify and therefore enable network security solutions to block malicious mining activities. A new category of cryptocurrency-based cyberattacks that mine cryptocurrencies on a victims PC over the internet is increasing in prevalence. Known as drive-by mining and, these network-based cryptocurrency attacks use the Stratum network protocol to transfer the consequences of the malicious mining activities to a mining pool controlled by the attacker. The DPI software library provides reliable and powerful detection and classification of thousands of applications and protocols by combining deep packet inspection and behavioural traffic analysis – despite whether the protocols use advanced obfuscation, port-hopping techniques or encryption. “Growth in the cryptocurrency market and availability of mineable coins has led to a rise in malicious mining activity affecting enterprises and private users worldwide. Drive-by and stealth mining are only the tip of the iceberg, and we will see more activities in the areas of crypto mining in the years to come,” said Alexander Müller, product manager for DPI at Rohde & Schwarz Cybersecurity. “Our high-performance R&S PACE 2 DPI engine when embedded in network security solutions now helps to detect and protect networks from network-based crypto attacks.”